diff options
| -rw-r--r-- | recipes-kernel/linux/linux-hierofalcon-3.19/mnt-CVE-2015-4177.patch | 56 | ||||
| -rw-r--r-- | recipes-kernel/linux/linux-hierofalcon_3.19.bb | 1 |
2 files changed, 57 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/mnt-CVE-2015-4177.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/mnt-CVE-2015-4177.patch new file mode 100644 index 0000000..6bd9a75 --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon-3.19/mnt-CVE-2015-4177.patch | |||
| @@ -0,0 +1,56 @@ | |||
| 1 | From 0de0e610f6b359c52d4f8b02bac2963f4968c9d6 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: "Eric W. Biederman" <ebiederm@xmission.com> | ||
| 3 | Date: Wed, 7 Jan 2015 14:28:26 -0600 | ||
| 4 | Subject: mnt: Fail collect_mounts when applied to unmounted mounts | ||
| 5 | |||
| 6 | [ Upstream commit cd4a40174b71acd021877341684d8bb1dc8ea4ae ] | ||
| 7 | |||
| 8 | The only users of collect_mounts are in audit_tree.c | ||
| 9 | |||
| 10 | In audit_trim_trees and audit_add_tree_rule the path passed into | ||
| 11 | collect_mounts is generated from kern_path passed an audit_tree | ||
| 12 | pathname which is guaranteed to be an absolute path. In those cases | ||
| 13 | collect_mounts is obviously intended to work on mounted paths and | ||
| 14 | if a race results in paths that are unmounted when collect_mounts | ||
| 15 | it is reasonable to fail early. | ||
| 16 | |||
| 17 | The paths passed into audit_tag_tree don't have the absolute path | ||
| 18 | check. But are used to play with fsnotify and otherwise interact with | ||
| 19 | the audit_trees, so again operating only on mounted paths appears | ||
| 20 | reasonable. | ||
| 21 | |||
| 22 | Avoid having to worry about what happens when we try and audit | ||
| 23 | unmounted filesystems by restricting collect_mounts to mounts | ||
| 24 | that appear in the mount tree. | ||
| 25 | |||
| 26 | Fixes CVE-2015-4177. | ||
| 27 | Upstream-Status: Backport | ||
| 28 | |||
| 29 | Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> | ||
| 30 | Signed-off-by: Sasha Levin <sasha.levin@oracle.com> | ||
| 31 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
| 32 | --- | ||
| 33 | fs/namespace.c | 7 +++++-- | ||
| 34 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
| 35 | |||
| 36 | diff --git a/fs/namespace.c b/fs/namespace.c | ||
| 37 | index 64837e3..8b60287 100644 | ||
| 38 | --- a/fs/namespace.c | ||
| 39 | +++ b/fs/namespace.c | ||
| 40 | @@ -1675,8 +1675,11 @@ struct vfsmount *collect_mounts(struct path *path) | ||
| 41 | { | ||
| 42 | struct mount *tree; | ||
| 43 | namespace_lock(); | ||
| 44 | - tree = copy_tree(real_mount(path->mnt), path->dentry, | ||
| 45 | - CL_COPY_ALL | CL_PRIVATE); | ||
| 46 | + if (!check_mnt(real_mount(path->mnt))) | ||
| 47 | + tree = ERR_PTR(-EINVAL); | ||
| 48 | + else | ||
| 49 | + tree = copy_tree(real_mount(path->mnt), path->dentry, | ||
| 50 | + CL_COPY_ALL | CL_PRIVATE); | ||
| 51 | namespace_unlock(); | ||
| 52 | if (IS_ERR(tree)) | ||
| 53 | return ERR_CAST(tree); | ||
| 54 | -- | ||
| 55 | cgit v0.11.2 | ||
| 56 | |||
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb index a1c3e6e..7d0e9d2 100644 --- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb +++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb | |||
| @@ -20,6 +20,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6 | |||
| 20 | file://RDS-CVE-2015-6937.patch \ | 20 | file://RDS-CVE-2015-6937.patch \ |
| 21 | file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \ | 21 | file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \ |
| 22 | file://fs-CVE-2015-3339.patch \ | 22 | file://fs-CVE-2015-3339.patch \ |
| 23 | file://mnt-CVE-2015-4177.patch \ | ||
| 23 | " | 24 | " |
| 24 | 25 | ||
| 25 | S = "${WORKDIR}/git" | 26 | S = "${WORKDIR}/git" |